Changeflow GovPing Data Protection ECJ Invalidates Privacy Shield, Impacts Interna...
Priority review Notice Removed Final

ECJ Invalidates Privacy Shield, Impacts International Data Transfers

Favicon for www.bfdi.bund.de BfDI Press Releases (Germany DPA)
Published July 16th, 2020
Detected February 11th, 2026
Email

Summary

The European Court of Justice (ECJ) has declared the EU-US Privacy Shield invalid, impacting international data transfers. The German Federal Commissioner for Data Protection and Freedom of Information (BfDI) stated that companies and authorities can no longer rely on the Privacy Shield for data exchange with the USA, requiring special safeguards and adherence to fundamental rights.

View original document View source feed page

What changed

The European Court of Justice (ECJ) has ruled the EU-US Privacy Shield invalid in the Schrems II judgment, significantly impacting international data transfers. This decision means that companies and authorities can no longer use the Privacy Shield as a legal basis for transferring personal data from the EU to the USA. The ECJ emphasized that fundamental rights of EU citizens must be respected, necessitating special safeguards for data exchange with the USA and potentially requiring revisions to standard contractual clauses.

Regulated entities, particularly those transferring data to the USA, must immediately cease relying on the Privacy Shield. They need to implement alternative transfer mechanisms, such as revised standard contractual clauses, and ensure these meet the high requirements set by the ECJ. Supervisory authorities, including the BfDI, will be responsible for checking compliance and may prohibit data exchange if conditions are not met. The BfDI will provide intensive advice and coordinate with European colleagues on the practical application of this judgment, with further statements expected after the full judgment is published and deliberations within the European Data Protection Board are complete.

What to do next

  1. Cease data transfers based on the EU-US Privacy Shield.
  2. Review and implement alternative data transfer mechanisms, such as revised standard contractual clauses.
  3. Ensure all international data transfers comply with ECJ requirements regarding fundamental rights and data protection safeguards.

Penalties

Data exchange may be prohibited if conditions are not complied with.

Source document (simplified)

Bonn/Berlin, 16/07/2020

Press release 17/2020

The BfDI’s statement on the Schrems II judgment of the ECJ

For the Federal Commissioner for Data Protection and Freedom of Information (BfDI), Professor Ulrich Kelber, today’s ruling of the European Court of Justice (ECJ) on international data transfers is associated with a strengthening of data subjects’ rights: The ECJ makes it clear that international data traffic is still possible. However, the fundamental rights of European citizens must be respected. Now, special safeguards have to be taken for the data exchange with the USA. Companies and authorities can no longer transfer data on the basis of the Privacy Shield, which has been declared null and void by the ECJ. With regard to the transition, we will, of course, provide intensive advice.”

The BfDI will even tomorrow engage into coordination with his European colleagues: “The ECJ has confirmed and strengthened the role of data protection supervisory authorities. As to each single data processing operation, they have to check and be able to check whether the high requirements of the ECJ are met. This also means that these authorities will prohibit the data exchange if the conditions are not complied with. Companies and authorities as well as supervisory authorities now have the complex task of applying the judgment in practice. We will urge rapid implementation in particularly relevant cases”.

The ECJ’s decision provides a clearer framework for international data traffic with the European Union. In this context, the ECJ places high demands on the special safeguards, such as standard contractual clauses, which have to be adopted by companies and authorities, and which have to be controlled by supervisory authorities. The BfDI will issue a further statement after the publication of the entire judgment and the deliberations in the European Data Protection Board. In this context, the focal point will be the revision of the standard contractual clauses by the European Commission, as well as the need for the USA to ensure that the European people enjoy the same fundamental rights as US-nationals.

Related changes

Favicon for www.priv.gc.ca Privacy Commissioner of Canada ArriveCAN App Investigation Report
Routine Mar 13, 2026 Canada OPC News & Actions Government
Favicon for www.priv.gc.ca Privacy Commissioner concludes Loblaw loyalty program investigation
Priority review Mar 13, 2026 Canada OPC News & Actions Government
Favicon for www.priv.gc.ca Global Data Protection Authorities Statement on AI Imagery Privacy
Priority review Mar 13, 2026 Canada OPC News & Actions Government
Favicon for www.pcpd.org.hk Hong Kong PCPD Arrests Two for Suspected Doxxing
Urgent Mar 13, 2026 PCPD Media Statements (HK) Data Protection
Favicon for www.pcpd.org.hk Global Privacy Authorities Joint Statement on AI-Generated Imagery
Priority review Mar 13, 2026 PCPD Media Statements (HK) Data Protection
Favicon for www.pcpd.org.hk Privacy Commissioner Reports 2025 Work and Data Security Incidents
Priority review Mar 13, 2026 PCPD Media Statements (HK) Data Protection

Source

Favicon for www.bfdi.bund.de
BfDI Press Releases (Germany DPA) bfdi.bund.de/EN/BfDI/Presse/Pressemitteilungen/pressemitteilungen_node.html
Data Protection
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various DPAs (CNIL, BfDI, AEPD, etc.)
Published
July 16th, 2020
Instrument
Notice
Legal weight
Binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies Government agencies Manufacturers
Geographic scope
EU-wide

Taxonomy

Primary area
Data Privacy
Operational domain
Compliance
Topics
International Data Transfers Fundamental Rights

Browse Categories

Federal Courts 26 State Courts 91 Securities Regulation 6 Financial Regulation 43 Consumer Protection 5 Drug Safety 45 Data Protection 21 Competition 2 Attorneys General 3 Insurance Regulation 5 Trade & Export 36 Legislation 42 Energy Regulation 13 Environment 3 Labor & Employment 2 Tax 1

Get Data Protection alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when BfDI Press Releases (Germany DPA) publishes new changes.

Free. Unsubscribe anytime.